Tuesday, December 30, 2008

PPP Peer Neighbor Route Feature

Have you ever come across a situation where two Cisco routers, connected through a back-to-back serial cable, are configured with IP addresses from two different subnets over the WAN link?

Let's take an example:

R1 is connected to R2 through a back-to-back DCE/DTE cable. On R1's Serial0/0 the IP address is configured as 1.1.1.1 255.255.255.252; on R2's Serial0/0 the IP address is configured as 2.2.2.2 255.255.255.252. Now, what do you think: will R1 be able to ping R2's address?

Weird Situation :-O

Let's fix it using the PPP peer neighbor route feature. Trust me, not many people know this cool PPP feature :-)

The PPP peer neighbor route feature discovers the peer router's IP address and installs a /32 host route for that address pointing out the PPP interface. Below is the sample config.
----------------------------------------------------------------------------------------
R1(config)#do sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
Serial0/0                  1.1.1.1         YES manual up                    up
-----------------------------------------------------------------------------------------
R2(config)#do sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
Serial0/0                  2.2.2.2         YES manual up                    up
-------------------------------------------------------------------------------------------
R1(config)#do ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
-------------------------------------------------------------------------------------------
R1(config)#int s0/0
R1(config-if)#encapsulation ppp
R1(config-if)#exit
-------------------------------------------------------------------------------------------
R2(config)#int s0/0
R2(config-if)#encapsulation ppp
R2(config-if)#exit
-------------------------------------------------------------------------------------------
R1(config)#do ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/47/112 ms
--------------------------------------------------------------------------------------------
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Serial0/0
--------------------------------------------------------------------------------------------

Enjoy...

Best Regards,
Deepak Arora

Monday, December 29, 2008

Storm Control Feature On 3560 Catalyst Switches

1. Storm control is supported on physical interfaces. It can also be applied to an EtherChannel.

2. When storm control is applied to an EtherChannel, the storm control settings propagate to the physical member interfaces.

3. The rising threshold can be specified as a percentage of bandwidth (0.00 to 100.00), in bps, or in pps.

4. The storm-control action shutdown command error-disables the port during a storm.

5. The storm-control action trap command generates an SNMP trap during a storm.

6. When the multicast rate exceeds the threshold, all incoming traffic is blocked until the rate falls below the falling threshold, and only STP packets are forwarded.


Unicast storm control example:

SWITCH#configure terminal
SWITCH(config)#int fa 0/7
SWITCH(config-if)#storm-control unicast level 75 65

In this example, 75 percent is the rising threshold and 65 percent is the falling threshold: suppression starts when unicast traffic reaches 75 percent of the bandwidth and ends only once it has dropped below 65 percent.

Verification:
SWITCH# show storm-control fa 0/7 unicast
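
The rising/falling pair is a hysteresis: once a storm has been declared, the port does not start forwarding again the moment traffic dips under 75 percent, only when it drops under 65 percent. The following Python model is an added example, not Cisco code, that replays constructed per-second utilisation figures through that logic and shows the flapping you get when only a rising level is configured. It assumes that suppression always drops traffic and that the shutdown and trap actions happen in addition to it.

```python
"""Rising/falling threshold behaviour of Catalyst storm control, modelled in Python.

Added example (not Cisco code): the sample utilisation figures are constructed,
and the model assumes that suppression always drops traffic while the
'shutdown' and 'trap' actions are taken in addition to it.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class StormControl:
    rising: float                    # % of bandwidth at which a storm is declared
    falling: Optional[float] = None  # % below which traffic flows again (defaults to rising)
    action: str = "filter"           # "filter" (IOS default), "shutdown" or "trap"
    suppressed: bool = False
    err_disabled: bool = False
    events: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.falling is None:     # 'storm-control unicast level 75' -> falling == rising
            self.falling = self.rising
        if not 0.0 <= self.falling <= self.rising <= 100.0:
            raise ValueError("need 0.00 <= falling <= rising <= 100.00")

    def sample(self, t: int, percent: float) -> bool:
        """Feed one 1-second interval's traffic rate; return True if traffic is forwarded."""
        if self.err_disabled:        # 'action shutdown' already put the port in err-disabled
            return False
        if not self.suppressed and percent >= self.rising:
            self.suppressed = True
            self.events.append(f"t={t}: {percent:.2f}% >= rising {self.rising:.2f}% -> storm detected")
            if self.action == "trap":
                self.events.append(f"t={t}: SNMP trap sent")
            elif self.action == "shutdown":
                self.err_disabled = True
                self.events.append(f"t={t}: port error-disabled")
                return False
        elif self.suppressed and percent < self.falling:
            # Hysteresis: traffic stays blocked until the rate drops below the *falling*
            # level, not merely below the rising level, so a storm hovering near the
            # limit cannot make the port flap between blocked and forwarding.
            self.suppressed = False
            self.events.append(f"t={t}: {percent:.2f}% < falling {self.falling:.2f}% -> traffic restored")
        return not self.suppressed


def run(samples: List[float], rising: float, falling: Optional[float] = None,
        action: str = "filter") -> Tuple[List[bool], List[str]]:
    """Replay a list of per-interval rates; return (forwarded flags, event log)."""
    sc = StormControl(rising, falling, action)
    return [sc.sample(t, p) for t, p in enumerate(samples)], sc.events


if __name__ == "__main__":
    # Constructed unicast rates (% of bandwidth) seen on fa0/7, one per second.
    rates = [10, 50, 80, 70, 68, 60, 30]
    for label, kwargs in (("level 75 65", dict(rising=75, falling=65)),
                          ("level 75", dict(rising=75))):
        forwarded, log = run(rates, **kwargs)
        print(label, forwarded)
        for line in log:
            print("  ", line)
```

With "level 75 65" the port stays blocked through the 70 and 68 percent samples; with a bare "level 75" it reopens at 70 percent while the storm is still in progress.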

Best Regards,
Deepak Arora

Sunday, December 28, 2008

How to get all interfaces summary quickly

To quickly get a summary of interfaces and their addressing from IOS, you can use the following:
Router#sh run | include interface|ip address
interface Loopback0
 ip address 10.200.200.11 255.255.255.255
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
interface BRI0/0
 no ip address
interface Serial1/0
 no ip address
interface Serial1/0.1 multipoint
 ip address 172.31.1.1 255.255.255.0
interface Serial1/0.2 multipoint
 ip address 172.31.11.1 255.255.255.0
interface Serial1/1
[...]


Best Regards,
Deepak Arora

Oops, I added some config to the router which I don't need :-O

I'm sure you know about the "copy running-config startup-config" command used to save your configuration. However, not too many people know about the command to restore your configuration back to the startup configuration after the router is running. No, the "copy start run" command won't do it. That just merges the startup configuration with the running configuration.

Since IOS 12.3(7)T, a new command has been implemented into the IOS: the "configure replace" command. This command will allow you to truly replace the running configuration with the startup configuration, just as if you had rebooted the router.

There are many variations of this command, but my favorite is the "configure replace nvram:startup-config list" command. This will replace your current running configuration with the startup-config file located in NVRAM and list the commands that were removed/changed.

Hope this will help :-)

Best Regards,
Deepak Arora

More handy Cisco Router commands

A helpful list of commands you can use to filter output on a Cisco router:

show run | include <word>
show run | interface <interface>
show run | begin <word>
show run | section include <word>

The "section" command is my newest discovery. For example, if I want to see the configuration of ALL FastEthernet interfaces on my lab router, I could type:

PE1-T1#sh run | section include FastEthernet
interface FastEthernet1/0
 description connection to PE1 Internet Router
 ip address 51.88.99.2 255.255.255.252
 speed 100
 full-duplex
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet2/1
 ip address 10.7.255.100 255.255.0.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface FastEthernet3/0
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet3/1
 no ip address
 shutdown
 duplex auto
 speed auto
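
The difference between include and section is that include returns isolated lines while section returns whole configuration blocks. The Python below is an added example, not IOS code, that implements the three filters from this post and the previous one (sh run | include interface|ip address) over a constructed running configuration; the begin filter is also what the "/" search at the --More-- prompt does. The section semantics are my reading of the IOS behaviour: a matching top-level line is emitted with all of its indented children, and a matching child line is emitted together with its parent line.

```python
"""IOS output filters 'include', 'begin' and 'section', modelled in Python.

Added example, not IOS code. SAMPLE_CONFIG is a constructed running
configuration; IOS indents child commands by one space, which is what
the 'section' filter relies on.
"""
import re
from typing import List

SAMPLE_CONFIG = """\
version 12.4
hostname LAB
!
interface Loopback0
 ip address 10.200.200.11 255.255.255.255
!
interface FastEthernet0/0
 description uplink
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
line vty 0 4
 transport input ssh
!
end
"""


def filter_include(config: str, pattern: str) -> List[str]:
    """'| include <regex>': every line matching the regex, nothing else."""
    rx = re.compile(pattern)
    return [line for line in config.splitlines() if rx.search(line)]


def filter_begin(config: str, pattern: str) -> List[str]:
    """'| begin <regex>' (and '/' at --More--): everything from the first match on."""
    rx = re.compile(pattern)
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if rx.search(line):
            return lines[i:]
    return []


def filter_section(config: str, pattern: str) -> List[str]:
    """'| section <regex>': whole configuration blocks, not isolated lines."""
    rx = re.compile(pattern)
    lines = config.splitlines()
    out: List[str] = []
    i = 0
    while i < len(lines):
        header = lines[i]
        j = i + 1
        children: List[str] = []
        while j < len(lines) and lines[j].startswith(" "):  # indented -> belongs to header
            children.append(lines[j])
            j += 1
        if rx.search(header):            # header matched: emit the whole block
            out.append(header)
            out.extend(children)
        else:                            # child matched: emit parent plus matching children
            hits = [c for c in children if rx.search(c)]
            if hits:
                out.append(header)
                out.extend(hits)
        i = j
    return out


if __name__ == "__main__":
    for name, fn, pat in (("include", filter_include, "interface|ip address"),
                          ("section", filter_section, "FastEthernet"),
                          ("begin", filter_begin, "^line vty")):
        print(f"--- sh run | {name} {pat}")
        print("\n".join(fn(SAMPLE_CONFIG, pat)))
```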


Best Regards,
Deepak Arora

Handy "Show run /" trick

Someone showed it to me and it changed my life...or at least seemed like a pretty cool tip. On Cisco devices, you can filter the "show run" output by entering a forward slash (/) at the more prompt and typing in the section you want to move to.

So...

Router# show run
Building configuration...

Current configuration : 12919 bytes
!
! Last configuration change at 17:33:29 ARIZONA Tue Oct 24 2006 by deepak
! NVRAM config last updated at 14:27:00 ARIZONA Fri Oct 20 2006 by deepak
!
version 12.4
!
...blah blah other junk goes here
!
--More-- <---- enter the forward slash here followed by a word (such as interface) that you want to jump to.


This is essentially like doing the "show run | begin" syntax, but you can do it on the fly. Okay, maybe not life changing, but sure is handy on those massive config files.


Best Regards,
Deepak Arora

Uploading IOS from ROMMON mode using TFTP

These are the minimum fields to get this going through TFTP rather than XModem.
rommon 1 > IP_ADDRESS=192.168.1.100

rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)

Best Regards,
Deepak Arora

Few Handy Dandy ALIAS Commands

Enjoy :-)

From global config:

alias exec s show ip interface brief (the ol' standby)

alias exec traffic sh ip nbar protocol-discovery stats bit-rate top-n 10 (shows top 10 protocols using your interfaces)

alias exec proc show proc cpu | excl 0.00%__0.00%__0.00% (shows only processes using CPU)


Best Regards,
Deepak Arora

Want to know about total CCIEs Worldwide ?

Here you go :-) Directly from Cisco's Website

http://www.cisco.com/web/learning/le3/ccie/certified_ccies/worldwide.html


Best Regards,
Deepak Arora

Saturday, December 27, 2008

Few words about ip directed broadcast :-)

An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet.

A router that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a router that is directly connected to its destination subnet, that packet is "exploded" as a broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.

The ip directed-broadcast interface command controls the explosion of directed broadcasts when they reach their target subnets. The command affects only the final transmission of the directed broadcast on its ultimate destination subnet. It does not affect the transit unicast routing of IP directed broadcasts.

If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet. If an access list has been configured with the ip directed-broadcast command, only directed broadcasts that are permitted by the access list in question will be forwarded; all other directed broadcasts destined for the interface subnet will be dropped.

If the no ip directed-broadcast command has been configured for an interface, directed broadcasts destined for the subnet to which that interface is attached will be dropped, rather than being broadcast.

Taken from Cisco's site:
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1081245
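
The decision described above happens only on the router that owns the destination subnet, and only for packets that arrive from outside it. The Python below is an added example, not Cisco code, that models that final-hop decision: the interface attribute directed_broadcast stands for ip directed-broadcast versus no ip directed-broadcast (the IOS default), and the optional access list is reduced to a list of permitted source prefixes. All addresses in it are constructed.

```python
"""Final-hop handling of an IP directed broadcast, modelled in Python.

Added example (not Cisco code). 'ip directed-broadcast [acl]' is modelled as
two interface attributes; the ACL is reduced to a list of permitted source
prefixes. Addresses used in the demo are constructed.
"""
import ipaddress
from typing import List, Optional, Tuple

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
L2_BROADCAST = "ff:ff:ff:ff:ff:ff"


class Interface:
    def __init__(self, name: str, address: str, directed_broadcast: bool = False,
                 acl: Optional[List[str]] = None) -> None:
        self.name = name
        # "192.168.10.1/24" -> the connected subnet 192.168.10.0/24
        self.network = ipaddress.ip_network(address, strict=False)
        # False models 'no ip directed-broadcast' (the IOS default since 12.0),
        # True models 'ip directed-broadcast', optionally with an access list.
        self.directed_broadcast = directed_broadcast
        self.acl = [ipaddress.ip_network(p) for p in acl] if acl else None

    def acl_permits(self, src: ipaddress.IPv4Address) -> bool:
        return self.acl is None or any(src in net for net in self.acl)


def handle_packet(src: str, dst: str, egress: Interface) -> Tuple[str, str]:
    """What the router directly attached to `egress` does with a packet that
    routing has already delivered to that interface. Returns (action, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d == LIMITED_BROADCAST:
        return "drop", "limited broadcast 255.255.255.255 is never forwarded by a router"
    if d != egress.network.broadcast_address:
        return "forward", f"unicast to {d} out {egress.name}"
    if s in egress.network:
        return "local-broadcast", "originated on the subnet itself; not a directed broadcast"
    # From here on the packet is a directed broadcast for this interface's subnet.
    if not egress.directed_broadcast:
        return "drop", f"{egress.name} has 'no ip directed-broadcast'"
    if not egress.acl_permits(s):
        return "drop", f"source {s} is denied by the directed-broadcast access list on {egress.name}"
    return "explode", (f"destination rewritten to {egress.network.broadcast_address}, "
                       f"sent as link-layer broadcast {L2_BROADCAST} on {egress.name}")


if __name__ == "__main__":
    lan_default = Interface("FastEthernet0/0", "192.168.10.1/24")
    lan_open = Interface("FastEthernet0/0", "192.168.10.1/24", directed_broadcast=True)
    lan_acl = Interface("FastEthernet0/0", "192.168.10.1/24", directed_broadcast=True,
                        acl=["10.0.0.0/8"])
    for label, iface, src, dst in (
            ("default config, remote source", lan_default, "10.0.0.5", "192.168.10.255"),
            ("enabled, remote source", lan_open, "10.0.0.5", "192.168.10.255"),
            ("enabled + acl, permitted src", lan_acl, "10.0.0.5", "192.168.10.255"),
            ("enabled + acl, denied src", lan_acl, "172.16.0.9", "192.168.10.255"),
            ("plain unicast", lan_acl, "10.0.0.5", "192.168.10.20"),
            ("broadcast from the subnet", lan_default, "192.168.10.7", "192.168.10.255")):
        action, why = handle_packet(src, dst, iface)
        print(f"{label:32} -> {action:16} {why}")
```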

Best Regards,
Deepak Arora

Oh! My tracert command takes a lot of time to get executed :-O

Sometimes when we execute the tracert command from the Windows command prompt, the session looks as if it has hung, and it takes a long time before it starts displaying the tracert output.

The reason is that tracert tries to resolve every hop's IP address to its domain name.

Below is the handy switch to stop this resolution from happening and get the output quickly.

tracert -d IP-Address

e.g. - tracert -d google.com

Now compare the output of tracert google.com with that of tracert -d google.com yourself :-)

Best Regards,
Deepak Arora

How to edit standard/extended access-lists without using notepad ?

In newer IOS versions, sequence numbers can be used to quickly edit, add, and remove entries from a named extended access-list. However, in all IOS versions that support named extended access-lists, numbered extended access-lists can be treated like named lists whose name is the number. Without sequence numbers you can't add or edit lines in place, but if you need to remove a single line from somewhere in the list without deleting the whole list, you can. Take the following example:

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 100 permit tcp any any
R1(config)#access-list 100 permit udp any any
R1(config)#access-list 100 permit ospf any any
R1(config)#access-list 100 permit eigrp any any
R1(config)#do show access-list 100
Extended IP access list 100
permit tcp any any
permit udp any any
permit ospf any any
permit eigrp any any

Now let's suppose that we want to remove the second line, which permits UDP. Normally we would have to enter "no access-list 100" and then recreate the list without line number two. However, by treating this like a named access-list we have a second option:

R1(config)#ip access-list extended 100
R1(config-ext-nacl)#no permit udp any any
R1(config-ext-nacl)#end

R1#show access-list 100
Extended IP access list 100
permit tcp any any
permit ospf any any
permit eigrp any any

See :-) ! The list stays intact but the second line has been removed.
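
Why this matters beyond convenience: while the list is being rebuilt after "no access-list 100", an interface that still references list 100 has no ACL to consult, and IOS permits everything through it. The Python below is an added example, not IOS code, that models the list from this post with IOS first-match semantics and the implicit deny, shows the single-entry removal, and contrasts it with the empty window left by deleting the whole list. The packets it evaluates are constructed.

```python
"""Editing a numbered extended ACL in place, modelled in Python.

Added example (not IOS code). An ACL is an ordered list of entries evaluated
first-match with an implicit deny at the end; interface_decision() models an
'ip access-group' that points at a list which no longer exists.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Ace:
    """One access control entry, e.g. Ace('permit', 'udp') == 'permit udp any any'."""
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp", "ospf", "eigrp", ...
    src: str = "any"
    dst: str = "any"

    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.proto in ("ip", proto)
                and self.src in ("any", src)
                and self.dst in ("any", dst))

    def __str__(self) -> str:
        return f"{self.action} {self.proto} {self.src} {self.dst}"


class ExtendedAcl:
    def __init__(self, name: str) -> None:
        self.name = name                 # a number or a name; IOS treats "100" as a name too
        self.aces: List[Ace] = []

    def add(self, ace: Ace) -> None:
        """'access-list 100 permit ...' always appends at the end of the list."""
        self.aces.append(ace)

    def remove(self, ace: Ace) -> bool:
        """'ip access-list extended 100' then 'no permit udp any any': deletes the
        first entry with that exact text; the remaining entries keep their order."""
        try:
            self.aces.remove(ace)
            return True
        except ValueError:
            return False

    def evaluate(self, proto: str, src: str, dst: str) -> str:
        """First matching entry wins; every IOS ACL ends with an implicit 'deny ip any any'."""
        for ace in self.aces:
            if ace.matches(proto, src, dst):
                return ace.action
        return "deny"


def interface_decision(acl: Optional[ExtendedAcl], proto: str, src: str, dst: str) -> str:
    """An 'ip access-group 100 in' whose list does not exist (e.g. right after
    'no access-list 100') permits all traffic in IOS until the list is recreated."""
    return "permit" if acl is None else acl.evaluate(proto, src, dst)


def build_list_100() -> ExtendedAcl:
    """The four-line list from the post."""
    acl = ExtendedAcl("100")
    for proto in ("tcp", "udp", "ospf", "eigrp"):
        acl.add(Ace("permit", proto))
    return acl


if __name__ == "__main__":
    acl = build_list_100()
    print("before:", [str(a) for a in acl.aces], "udp ->", acl.evaluate("udp", "1.1.1.1", "2.2.2.2"))
    acl.remove(Ace("permit", "udp"))            # the in-place edit shown above
    print("after: ", [str(a) for a in acl.aces], "udp ->", acl.evaluate("udp", "1.1.1.1", "2.2.2.2"))
    # The alternative: 'no access-list 100' and rebuild. In between, the access-group is empty.
    print("during rebuild, udp ->", interface_decision(None, "udp", "1.1.1.1", "2.2.2.2"))
```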

Best Regards,
Deepak Arora

Tuesday, December 23, 2008

Static Route Issue over Frame-Relay Cloud


While preparing for my CCIE Lab exam I learned a handy IP SLA trick which can be used with static routes/ HSRP/Metro Ethernet for failure detection and to maintain redundancy.

For example, say router R1 is connected to router R2 via a serial point-to-point link as well as through a Frame Relay cloud. The requirement is to establish connectivity between the two routers' end subnets using static routes only; no dynamic routing protocol is allowed. The primary path from R1 to R2 should be through the Frame Relay cloud. If FR connectivity goes down, either between R1 and the FR cloud or between R2 and the FR cloud, the back-to-back serial link should be used as the backup path; as long as FR connectivity is up, the back-to-back serial link should not be used.


Things look easy to achieve at first glance... but it's not that easy :-(

Let's talk about how we can fix this and what the issues with static routing could be.

1.) We can use a floating static route for the back-to-back serial link... right :-) ... Nooooo

Why ?

Because with a floating static route, if connectivity between R2 and the FR cloud goes down, connectivity between the FR cloud and R1 still remains up. R1's primary static route therefore stays in its routing table, and the floating static route never gets installed on R1.


2.) I thought we could fix it with Frame Relay end-to-end keepalives, but that feature can only be used on FR subinterfaces (point-to-point or multipoint). In this scenario, say the examiner asked us not to use FR subinterfaces; we have to use the FR physical interfaces.

.......oops..... then what can we do to solve this? Looks like all roads are closed :-(

hmmmmm...take a deep breath ......we still have 2 ways to fix this. :-)

1.) Use ip sla track
2.) Use GRE tunnel


Here I'll show my personal preference...the 1st method :-)

I have attached the topology diagram/ router configurations with solution. Incase still you face issue then drop me an email at deepakarora.1984@gmail.com


Best Regards,
Deepak Arora


Configuration

<-------------------------------------------------------->
R1
<-------------------------------------------------------->
ip sla monitor 1
type echo protocol ipIcmpEcho 1.1.1.2
timeout 500
frequency 3
ip sla monitor schedule 1 life forever start-time now
--------------------------------------------------------

track 1 rtr 1
!
--------------------------------------------------------

interface Serial1/0
ip address 1.1.1.1 255.255.255.252
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 1.1.1.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 2.2.2.1 255.255.255.252
serial restart-delay 0
!
interface FastEthernet2/0
ip address 10.0.0.1 255.0.0.0
duplex auto
speed auto

----------------------------------------------------------

ip route 20.0.0.0 255.0.0.0 1.1.1.2 track 1
ip route 20.0.0.0 255.0.0.0 2.2.2.2 10
-----------------------------------------------------------

<---------------------------------------------------------------------->

<------------------------------------------->
R2
<------------------------------------------->

interface Serial1/0
ip address 1.1.1.2 255.255.255.252
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 1.1.1.1 201 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 2.2.2.2 255.255.255.252
serial restart-delay 0
!
interface FastEthernet2/0
ip address 20.0.0.1 255.0.0.0
duplex auto
speed auto
!
---------------------------------------------

ip route 10.0.0.0 255.0.0.0 2.2.2.1
ip route 10.0.0.0 255.0.0.0 1.1.1.1
!

----------------------------------------------


<-------------------------------------------------------------------->

<---------------------------------------->
R3
<---------------------------------------->

no ip routing

----------------------------------------

interface FastEthernet0/0
ip address 10.0.0.2 255.0.0.0
no ip route-cache
duplex auto
speed auto
!

-----------------------------------------
ip default-gateway 10.0.0.1

-----------------------------------------


<---------------------------------------------------------->

<------------------------------------->
R4
<------------------------------------->

no ip routing

-------------------------------------


!
interface FastEthernet0/0
ip address 20.0.0.2 255.0.0.0
no ip route-cache
duplex auto
speed auto
!

--------------------------------------

ip default-gateway 20.0.0.1
!
--------------------------------------
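
Both the PPP peer neighbor route post at the top of this page and the Frame Relay post above come down to which candidate route a router installs and which installed route a lookup selects. The Python below is an added example, not IOS code: a minimal RIB with longest-prefix lookup, administrative distance and tracked static routes. ppp_demo() reproduces why 2.2.2.2 is unreachable from the mismatched /30 until a /32 peer route exists, and fr_demo() reproduces R1's two routes to 20.0.0.0/8, showing that the AD 10 floating route only takes over when the primary is tracked. Track state is set by hand in place of the ip sla monitor probe.

```python
"""A minimal RIB: longest-prefix lookup, administrative distance and tracked
static routes, modelled in Python.

Added example, not IOS code. Addresses follow the two posts on this page;
the track state stands in for what 'ip sla monitor 1' pinging 1.1.1.2 reports.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str                  # e.g. "20.0.0.0/8"
    via: str                     # next hop or exit interface
    distance: int = 1            # administrative distance: connected 0, static 1 by default
    track: Optional[int] = None  # 'ip route ... track N': install only while track N is up


class Rib:
    def __init__(self) -> None:
        self.candidates: List[Route] = []
        self.tracks: Dict[int, bool] = {}

    def add(self, route: Route) -> None:
        self.candidates.append(route)

    def set_track(self, track_id: int, up: bool) -> None:
        self.tracks[track_id] = up

    def _eligible(self, r: Route) -> bool:
        return r.track is None or self.tracks.get(r.track, False)

    def installed(self) -> List[Route]:
        """For each prefix keep only the eligible candidate(s) with the lowest AD."""
        best: Dict[ipaddress.IPv4Network, List[Route]] = {}
        for r in self.candidates:
            if not self._eligible(r):
                continue
            net = ipaddress.ip_network(r.prefix, strict=False)
            cur = best.get(net)
            if cur is None or r.distance < cur[0].distance:
                best[net] = [r]
            elif r.distance == cur[0].distance:
                cur.append(r)                 # equal AD: both installed (load sharing)
        return [r for routes in best.values() for r in routes]

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match over the installed routes; None means no route."""
        addr = ipaddress.ip_address(dst)
        best, best_len = None, -1
        for r in self.installed():
            net = ipaddress.ip_network(r.prefix, strict=False)
            if addr in net and net.prefixlen > best_len:
                best, best_len = r, net.prefixlen
        return best


def ppp_demo() -> Tuple[Optional[str], Optional[str]]:
    """R1 with only its connected /30, then with the /32 peer route PPP installs."""
    rib = Rib()
    rib.add(Route("1.1.1.0/30", "Serial0/0", distance=0))      # C 1.1.1.0/30
    before = rib.lookup("2.2.2.2")
    rib.add(Route("2.2.2.2/32", "Serial0/0", distance=0))      # the PPP peer neighbor route
    after = rib.lookup("2.2.2.2")
    return (before.via if before else None, after.via if after else None)


def fr_demo(far_end_reachable: bool, use_track: bool) -> str:
    """R1's two static routes to 20.0.0.0/8; returns the next hop chosen for 20.0.0.2."""
    rib = Rib()
    rib.add(Route("20.0.0.0/8", "1.1.1.2", distance=1, track=1 if use_track else None))
    rib.add(Route("20.0.0.0/8", "2.2.2.2", distance=10))       # floating static, AD 10
    rib.set_track(1, far_end_reachable)    # result of the ICMP echo probe to 1.1.1.2
    return rib.lookup("20.0.0.2").via


if __name__ == "__main__":
    print("PPP: next hop for 2.2.2.2 before/after the /32 peer route:", ppp_demo())
    for reachable in (True, False):
        for tracked in (True, False):
            print(f"FR far end reachable={reachable!s:5} tracked={tracked!s:5} -> via",
                  fr_demo(reachable, tracked))
```

The untracked case is the floating-static trap from the post: with 1.1.1.2 unreachable but Serial1/0 still up, the AD 1 route remains installed and traffic keeps going into the broken Frame Relay path.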

Monday, December 22, 2008

Handy Switchport host command

Now, speaking of access ports, check this out. Cisco came out with a secret-ninja command that automatically does three things:

1. Configures a switchport to access mode (for hosts)
2. Enables portfast
3. Disables Etherchannel capabilities

Here it is:

Switch(config)# interface range fa0/1 - 24
Switch(config-if-range)# switchport host

switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

Best Regards,
Deepak Arora

How to capture entire Cisco device config in a single window ?

Direct from the Cisco Wiki, a handy tip which allows you to show the complete configuration of Cisco devices without the breaks or pauses:

1. Type term length 0 in privileged mode to set your terminal to display without any breaks.
2. Type show running-config or show startup-config to show the applicable config. The config will display without any breaks or pauses.

To display the config without lengthy certificate data, use show run brief.

This is useful for capturing the complete config for documentation purposes, especially if you do not have access via TFTP or the like.

Best Regards,
Deepak Arora

Save the Time: Hung Telnet/SSH Sessions

Don't you love it when you attempt to Telnet or SSH from a Cisco device to an unreachable IP address? Your guaranteed wait time is 30 seconds... and there's no CTRL-SHIFT-6 breaking out of it. Here's a command of the day for you:

Router(config)#ip tcp synwait-time 5

This reduces the time the router waits for a SYN-ACK reply to 5 seconds (from the 30-second default) for all TCP sessions (including Telnet/SSH) originated by the router.
While I'm sure an argument could be made that some networks are delayed enough to have more than a five-second gap between a SYN and its SYN-ACK... I'd say... fix your network.

Now that we know what the command does, what are the possible negative impacts? The default TCP timeout is thirty seconds, and shortening it to five seconds could affect any TCP connection the router originates. Consider routing protocols such as BGP, multicast routing and so on. For example, allowing only five seconds for the three-way handshake of a BGP connection just might be a problem in certain SP networks.

In slow networks such as satellite, low-speed async or even Frame Relay, five seconds may be too short under certain conditions. You should identify this and change the timer to perhaps ten or fifteen seconds. But for most networks today, if you can't complete a three-way handshake in five seconds then it's not going to work anyway.

Consider a BGP neighbor connection, which uses TCP: if the connection cannot be established within the configured interval, it is terminated. It's just possible that a heavily loaded BGP peer using authentication might need more than five seconds, so keep this in mind.

Best Regards,
Deepak Arora

"show running-config" output with gr8 speed

The bigger and bigger your configuration grows, the longer you have to wait for a "show run" output. This is because each time the show run command is executed, the router queries each interface to find the individual commands entered. To save you some wait time, Cisco introduced a command to cache your configuration in memory (for a measly 15K memory sacrifice):

Router(config)#parser config cache interface

Reduced the "show run" time on my 3640 router from 8 seconds down to 3. Nice! Keep in mind that you must execute the "show run" command once after issuing this in order to cache the configuration.

If you're interested, here's all the info:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtinvgen.html

Best Regards,
Deepak Arora


Prefix Notations - For CCNA

When you're preparing to pass the CCNA exam and earn this coveted Cisco certification, you've got to be totally prepared for the many kinds of binary and subnetting questions Cisco may throw at you. You also have to be familiar with the different manners in which a subnet mask can be expressed, and that's where your knowledge of prefix notation comes in.


Prefix notation is an alternate way to express the value of a subnet mask, as opposed to the more familiar dotted decimal format. Not only will you see prefix notation in Cisco documentation, but you'll probably see it on your CCNA exam. Consider the following two values:


255.255.255.0

or

/24

Believe it or not, those two values are exactly the same. The first mask is written out in the more familiar dotted decimal format, and you know by looking at those first three octets that every bit is set to "1", since the maximum value of such an octet is 255:

11111111 11111111 11111111 00000000

The second value represents the exact same mask, only this value is expressed in prefix notation. This particular value would be pronounced "slash twenty-four", and the 24 represents the number of consecutive ones that are set at the beginning of the subnet mask.


Those of us who hate to type numbers are particularly appreciative of this, since it means you'll have to type far fewer digits to represent a subnet mask. In addition, it's a lot easier to discuss masks in prefix notation than in dotted decimal. ("I thought about using a two-fifty-five two-fifty-five two-fifty-five zero mask, but then decided to use a two-fifty-five two-fifty-five two-fifty-five one-twenty-eight mask...")


Be sure you're comfortable with prefix notation before taking your CCNA exam. As with Cisco documentation, you'll most likely see masks expressed in both dotted decimal and prefix notation, and you've got to be ready to use both as well!
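
The conversion is mechanical once you see the mask as 32 bits: count the leading ones to get the prefix length, or shift a word of ones to rebuild the mask. The Python below is an added example, not part of the article: it handles every length from /0 to /32 rather than just the /24 case above, rejects masks whose ones are not contiguous (which IOS also refuses), and produces the inverse "wildcard" form that Cisco ACLs and OSPF network statements use.

```python
"""Dotted-decimal masks, prefix notation and wildcard masks, in Python.

Added example, not from the article. Works on all prefix lengths /0../32,
rejects non-contiguous masks, and derives the wildcard (inverse) mask.
"""
from typing import List


def _octets(mask: str) -> List[int]:
    parts = mask.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal mask: {mask!r}")
    return [int(p) for p in parts]


def mask_to_binary(mask: str) -> str:
    """255.255.255.0 -> '11111111 11111111 11111111 00000000'."""
    return " ".join(f"{o:08b}" for o in _octets(mask))


def mask_to_prefix(mask: str) -> int:
    """Count the leading ones; a zero followed by a one means an invalid mask."""
    bits = "".join(f"{o:08b}" for o in _octets(mask))
    ones = bits.rstrip("0")          # strip the trailing zeros...
    if "0" in ones:                  # ...whatever remains must be all ones
        raise ValueError(f"non-contiguous mask: {mask} = {mask_to_binary(mask)}")
    return len(ones)


def prefix_to_mask(prefix: int) -> str:
    """/24 -> 255.255.255.0, built by shifting a 32-bit word of ones."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def wildcard(mask: str) -> str:
    """The inverse mask used by ACLs and OSPF: 255.255.255.252 -> 0.0.0.3."""
    return ".".join(str(255 - o) for o in _octets(mask))


if __name__ == "__main__":
    for m in ("255.255.255.0", "255.255.255.128", "255.255.255.252", "0.0.0.0"):
        print(f"{m:16} /{mask_to_prefix(m):<3} {mask_to_binary(m)}  wildcard {wildcard(m)}")
    try:
        mask_to_prefix("255.0.255.0")
    except ValueError as exc:
        print("rejected:", exc)
```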

Best Regards,
Deepak Arora

Broadcasts, Multicasts, And Unicasts - For CCNA

A broadcast is a data signal that is intended for everyone. A network broadcast is much like a radio broadcast. A commercial radio station's tower isn't sending a signal to one particular destination - it's sending its signal out in all directions in hopes that everyone who can listen to it will do so. A network broadcast is very similar in that it's given a destination address that every host on the network will listen to. Two important broadcast addresses for you to know for the CCNA certification exams:

Data Link layer (Layer 2) broadcast frames have a destination MAC address of ff-ff-ff-ff-ff-ff (also expressed as FF-FF-FF-FF-FF-FF; the case doesn't matter).
Network layer (Layer 3) broadcast packets have a destination IP address of 255.255.255.255.

By default, switches will forward all broadcast frames out every port except the one that originally received the broadcast. Also by default, routers accept broadcasts but do not forward them.

A unicast has a much simpler definition - it's simply data that has a single destination.

Broadcasts go to everyone, unicasts go to only one -- sounds like we need a middle ground! Luckily, we do, with multicasts. A multicast is destined for members of a multicast group. Later on in your CCNP studies you'll learn much more about multicasting, but there are several multicast addresses you should know for the CCNA certification exam:

EIGRP updates are destined for 224.0.0.10
OSPF routers listen to 224.0.0.5 for updates
RIP version 2 uses 224.0.0.9 as a destination IP address

I'm sure you notice a pattern there! The entire range of addresses from 224.0.0.0 - 239.255.255.255 is reserved for multicasting. This is the Class D address range. As with broadcast packets, these multicast packets are not forwarded by routers.

It's important to know the differences between multicasts, broadcasts, and unicasts as part of your CCNA test prep, but this knowledge goes far beyond passing a certification exam. Knowing how to limit broadcasts helps to improve your network.

Best Regards,
Deepak Arora

Sunday, December 21, 2008

IP SLA monitoring an HTTP proxy

Cisco IOS includes a mechanism to monitor link attributes and ensure they stay within the parameters of a Service Level Agreement (SLA). An SLA is a contract between a service provider and its customer which outlines minimum benchmarks the service provider must maintain. In the data networking world, such benchmarks can include minimum throughput, delay, jitter, or other attributes. An IOS router can be configured with an IP SLA monitor to constantly evaluate these properties of a link or path and ensure that a service provider is fulfilling its obligation.

However, SLA monitors can also be useful within an enterprise. Consider the following topology:

Lab topology

The 192.168.0.0/24 subnet is connected to the rest of the network by R1 and R2, and web access to the Internet is accomplished through a proxy (172.16.55.87) located elsewhere on the network. R1 and R2 do not share a common path to the proxy, and one might lose connectivity to the proxy while the other does not. The VRRP deployment facing 192.168.0.0/24 complicates this, as web access will be lost if the master router can no longer forward HTTP requests to the proxy. R1 has been configured with a VRRP priority of 110, while R2 has the default priority of 100.

Fortunately, we can configure an IP SLA monitor on R1 to check for HTTP connectivity to the web proxy. The monitor can then be referenced by the VRRP configuration to lower the router's VRRP priority when the monitor fails. First we have to configure an HTTP IP SLA monitor:

R1(config)# ip sla 1
R1(config-ip-sla)# http get http://172.16.55.87/
R1(config-ip-sla-http)# frequency 60
R1(config-ip-sla-http)# timeout 5000

The above configuration creates a monitor which sends an HTTP GET request to the specified URL every 60 seconds and checks for a valid response. The timeout has been set to 5000 milliseconds, or 5 seconds. Note that this configuration only checks for HTTP connectivity to the proxy itself; however, if we wanted to be especially thorough, IOS also provides an option to check for HTTP connectivity to external sites through the proxy:

R1(config-ip-sla)# http get http://external-site/ proxy http://172.16.55.87/ name-server 172.16.44.10

Next, we schedule the monitor to run. In this case, we want the monitor to run continuously beginning right now.

R1(config)# ip sla schedule 1 start-time now life forever

The monitor will now start. After a few minutes, we can view the IP SLA statistics to verify it is successful:

R1# show ip sla statistics

Round Trip Time (RTT) for Index 1
Latest RTT: 72 milliseconds
Latest operation start time: *00:42:17.839 UTC Fri Mar 1 2002
Latest operation return code: OK
Latest DNS RTT: 0 ms
Latest TCP Connection RTT: 20 ms
Latest HTTP Transaction RTT: 52 ms
Number of successes: 3
Number of failures: 0
Operation time to live: Forever

Now that our SLA monitor is up and running, we need to create a tracked object pointing to it. Depending on the IOS version in use, an IP SLA monitor is referenced as a Response Time Reporter (RTR) with rtr (prior to 12.4(20)T), or with ip sla (12.4(20)T and later). The legacy RTR syntax is used here:

R1(config)# track 1 rtr 1 state
R1(config-track)# exit

The tracked object serves as a wrapper for the IP SLA monitor so that it can be referenced from VRRP, which is the last portion to configure:

R1(config)# interface f0/1
R1(config-if)# vrrp 1 track 1 decrement 20
R1(config-if)# ^Z
R1# show vrrp
FastEthernet0/1 - Group 1
State is Master
Virtual IP address is 192.168.0.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Track object 1 state Up decrement 20
Master Router is 192.168.0.2 (local), priority is 110
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec

Now, if the SLA monitor fails to receive an HTTP response from the proxy, the tracked object changes state to "down," and the VRRP process on 192.168.0.2 will decrement its priority by 20. With R2 configured with the default priority of 100, it should take over as the master VRRP router. We can disconnect R1 from the proxy to observe an IP SLA monitor failure and subsequent VRRP failover:

R1# show ip sla statistics

Round Trip Time (RTT) for Index 1
Latest RTT: 0 milliseconds
Latest operation start time: *01:00:17.839 UTC Fri Mar 1 2002
Latest operation return code: Socket receive error
Latest DNS RTT: 0 ms
Latest TCP Connection RTT: 0 ms
Latest HTTP Transaction RTT: 0 ms
Number of successes: 20
Number of failures: 1
Operation time to live: Forever
R1#
*Mar 1 01:00:25.179: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup


R2# show vrrp
FastEthernet0/1 - Group 1
State is Master
Virtual IP address is 192.168.0.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 192.168.0.3 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec

Of course, if the connection to the proxy is restored and the IP SLA monitor recovers, R1 restores its VRRP priority to 110 and takes over to once again become the master router.
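
The failover only works because 110 minus 20 lands below R2's 100; a decrement of 5 would leave R1 master with a dead proxy path and nothing in the logs to say so. The Python below is an added example, not IOS code, that models VRRP election with object tracking and preemption (enabled by default on IOS) using the priorities from this post, so a planned decrement can be checked before it is configured. Track states are set by hand in place of the IP SLA probe.

```python
"""VRRP master election with object tracking, modelled in Python.

Added example (not IOS code). Priorities and addresses follow the post:
R1 110 with 'vrrp 1 track 1 decrement 20', R2 at the default 100.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import ipaddress


@dataclass
class VrrpRouter:
    name: str
    ip: str                                # interface address, VRRP's tie-breaker
    priority: int = 100                    # configured priority (IOS default 100)
    preempt: bool = True                   # IOS enables preemption by default
    tracks: Dict[int, int] = field(default_factory=dict)  # track id -> decrement

    def effective_priority(self, track_state: Dict[int, bool]) -> int:
        """Configured priority minus the decrement of every tracked object that is down."""
        p = self.priority - sum(dec for tid, dec in self.tracks.items()
                                if not track_state.get(tid, True))
        return max(p, 1)                   # a VRRP priority stays within 1..254


def elect(routers: List[VrrpRouter], track_state: Dict[int, bool],
          current: Optional[VrrpRouter]) -> VrrpRouter:
    """Initial election: highest priority, then highest IP. Afterwards a backup
    takes over only if it preempts with a strictly higher priority than the master."""
    def key(r: VrrpRouter):
        return (r.effective_priority(track_state), int(ipaddress.ip_address(r.ip)))

    best = max(routers, key=key)
    if current is None or best is current:
        return best
    if best.preempt and best.effective_priority(track_state) > current.effective_priority(track_state):
        return best
    return current


def scenario(decrement: int) -> List[str]:
    """Proxy reachable -> unreachable -> reachable again; returns the master at each step."""
    r1 = VrrpRouter("R1", "192.168.0.2", priority=110, tracks={1: decrement})
    r2 = VrrpRouter("R2", "192.168.0.3")
    master: Optional[VrrpRouter] = None
    history: List[str] = []
    for track_up in (True, False, True):
        master = elect([r1, r2], {1: track_up}, master)
        history.append(master.name)
    return history


if __name__ == "__main__":
    for dec in (20, 5):
        print(f"decrement {dec}: master per step (up, down, up) = {scenario(dec)}")
```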

Best Regards,
Deepak Arora

How to Schedule commands on Cisco Router ?

Command schedulers allow you to run commands, or a sequence of commands, once or on a recurring calendar. Learn how you can use the Cisco IOS command scheduler to back up your router's running configuration to the startup configuration on a regular basis.

Cisco IOS has a built-in command scheduler called kron. Introduced in Cisco IOS 12.3(1), this command scheduler is similar to the Windows at program and the UNIX cron or at programs.

Use the command scheduler

For example, let's say you want to automatically back up your router's running configuration (in RAM) to the startup configuration (in NVRAM) every Monday night at 10 P.M. You might want to make sure that the system preserves router changes even if the router loses power, and even if someone forgets to save his or her changes.

The new IOS command scheduler makes this a relatively easy task. Here's how you can use kron to accomplish this.

First, create a kron policy list. Essentially, this policy list serves as your "script," which lists what you want the router to run at a scheduled time. Here's an example:

Router(config)# kron policy-list backup
Router(config-kron-policy)# cli write
Router(config-kron-policy)# exit

Next, create a kron occurrence, in which you tell the router when and how often you want to run this policy list (i.e., group of commands). Here's an example:

Router(config)# kron occurrence backup at 22:00 Mon recurring
Router(config-kron-occurrence)# policy-list backup

This code sets up your backup job to run every Monday night at 10 P.M. (22:00 in military time).

Finally, verify that you've entered everything correctly by using the show command.

Router# show kron schedule
Kron Occurrence Schedule
backup inactive, will run again in 2 days 22:03:46 at 22:00 on Mon
Router# show running-configuration
(truncated)
kron occurrence backup at 22:00 Mon recurring
policy-list backup
!
kron policy-list backup
cli write
(truncated)

You might be wondering why I used the write command instead of the copy running-configuration startup-configuration commands. While the copy run start command is interactive, the write command is not. In other words, write doesn't prompt to verify what you want to do. It's important to remember that the Cisco IOS Command Scheduler doesn't allow any interactive commands.

Know your limitations

Another thing to look out for is that kron has more limitations than its Windows or UNIX counterparts. For example, you can only use privileged-mode commands with kron; it doesn't allow any Global or Interface configuration commands. This is because it executes each command separately.

In addition, it doesn't allow you to edit the list of commands once you've entered them. Therefore, you should test the command sequence before entering it. If a command in the sequence fails, the router will delete that sequence of commands and not run it again.

Some of these limitations may be due to the fact that the command scheduler's primary design appears to be to allow Cisco routers to contact Cisco's CNS server to request an automatic upgrade. While this is a good use for the command scheduler, you can also use it for a number of other handy tasks.

Learn additional uses

You might be wondering if you could use kron to reboot the router. While it's a good idea to use the command scheduler if you want to reboot your router on a regularly scheduled basis, you can perform a one-time delayed reboot using reload at .... with less complexity.

Additional uses for kron include clearing an interface on a daily schedule, clearing the internal log, and showing the routing table at set intervals and sending it to a log.

In some cases, you may want to log the failure or success of your commands. To do so, you can use the debug command. For example, to view all kron debugging, use debug kron all. (You can also use more specific kron debug commands.)

Once you've enabled debugging, send logging output to the router's system buffer or to a syslog server. In that log, you'll find the command output and whether the commands succeeded or failed.

These are just some examples of how you can use the IOS command scheduler. How would you use the command scheduler on your network? Post your ideas and tricks to this article's discussion.

Best Regards,
Deepak Arora

Magic Of TEE & Redirect Command

Hello Friends,

This is my first post, so I want to show a nice Cisco trick: the magic of the tee and redirect commands.

The tee and redirect output modifiers let a Cisco router save the output of any show command directly to a file, for example on a TFTP server.

e.g.

sh run | tee tftp://192.168.0.1/runconf.txt
show tech-support | tee tftp://192.168.0.1/techsupp.txt

You can also use redirect in the same way; the difference is that tee still displays the output on your terminal, while redirect only writes it to the destination.
e.g.
show tech-support | redirect tftp://192.168.0.1/techsupp.txt

Best Regards,
Deepak Arora